SYSGO introduces TPM support in embedded systems
SYSGO has announced the availability of Trusted Platform Module (TPM) support in the embedded Linux development platform ELinOS, marking a significant step in embedded security.
The integration of TPM enables advanced cryptographic services and provides robust hardware-based security features that enhance secure boot processes, file encryption, and system integrity.
TPM, a dedicated cryptoprocessor chip embedded in the system’s main board, is designed to store cryptographic keys and provide additional cryptographic services such as random number generation. With the inclusion of TPM support in ELinOS, developers are now able to build more secure embedded systems that draw on a range of critical security functions.
ELinOS provides a full suite of TPMv2 tools and libraries, empowering developers with the latest in hardware security capabilities. Additionally, the integration with systemd allows for secure automatic encryption of hard disks. The decryption keys are securely stored in the TPM and retrieved from it during system boot, ensuring that encrypted filesystems are both easy to use and fully protected from unauthorised access.
Additionally, the TPM integration includes tools to manage board-specific devices, offering a tailored solution for various hardware configurations. The non-volatile RAM (NVRAM) feature of TPM allows for the secure reading and writing of values that are protected through secure boot or password mechanisms, ensuring the integrity and confidentiality of sensitive data.
ELinOS also takes advantage of the TPM’s built-in encryption and decryption algorithms, enabling hardware-based security measures that protect sensitive information and communications. The hardware Random Number Generator (RNG) functionality of TPM ensures the generation of true random numbers, which is crucial for secure cryptographic operations.
In the event of suspicious activity or tampering attempts, TPM is able to trigger lock-out mechanisms to prevent unauthorised access, thereby safeguarding the integrity of the system.
The addition of TPM support to ELinOS unlocks new security-focused use cases in embedded systems. Developers can simplify the encryption of hard drives while ensuring maximum security, with the TPM managing decryption keys without user intervention.
Additionally, the secure key storage feature allows for the safe storage of cryptographic keys in TPM, which protects critical information such as system credentials, firmware integrity, and encryption details. Users can also encrypt and decrypt sensitive data using TPM’s secure algorithms to significantly reduce the risk of data theft or manipulation.
TPM is particularly suited for embedded devices in critical sectors such as industrial automation, healthcare, and transportation, where robust security is essential.
“With the addition of TPM support in ELinOS, SYSGO continues its mission to provide the highest standards of security for embedded systems,” said David Engraf, Head of Product Development at SYSGO. “This feature enables developers to fully leverage hardware-based cryptography, ensuring their embedded devices are protected from emerging security threats.”
TPM support is now available as part of ELinOS 7.2.1.